Merge pull request #317 from coreos-inc/noscopeheadshot

Switch the base case for when a scope string contains an invalid scope.

auth/scopes.py

@@ -101,7 +101,7 @@ def scopes_from_scope_string(scopes):
   # https://tools.ietf.org/html/rfc6749#section-3.3
   # However, we also support commas for backwards compatibility with existing callers to our code.
   scope_set = {ALL_SCOPES.get(scope, None) for scope in re.split(' |,', scopes)}
-  return scope_set if not None in scope_set else {}
+  return scope_set if not None in scope_set else set()
 
 
 def validate_scope_string(scopes):

test/test_auth.py

@@ -9,7 +9,8 @@ from flask import g
 from flask.ext.principal import identity_loaded
 
 from auth.auth import _process_basic_auth
-from auth.scopes import scopes_from_scope_string, is_subset_string, DIRECT_LOGIN, ADMIN_REPO
+from auth.scopes import (scopes_from_scope_string, is_subset_string, DIRECT_LOGIN, ADMIN_REPO,
+                         ALL_SCOPES)
 from auth.permissions import QuayDeferredPermissionUser
 from endpoints.api import api_bp, api
 from endpoints.api.user import User, Signin
@@ -132,9 +133,9 @@ class TestAuth(ApiTestCase):
     self.assertEquals(QuayDeferredPermissionUser.for_id('123454', {ADMIN_REPO})._scope_set, {ADMIN_REPO})
 
   def assertParsedScopes(self, scopes_str, *args):
-    expected = list(args)
+    expected_scope_set = {ALL_SCOPES[scope_name] for scope_name in args}
-    parsed = scopes_from_scope_string(scopes_str)
+    parsed_scope_set = scopes_from_scope_string(scopes_str)
-    self.assertEquals([p.scope for p in parsed], expected)
+    self.assertEquals(parsed_scope_set, expected_scope_set)
 
   def test_scopes_parsing(self):
     # Valid single scopes.